not a valid win32/bagle - combofix

#1 eyaler

I was stupid to run some fake exe which crashed my AVIRA antivirus.
Also some .exe's will now give a "not a valid win32..." error.
I ran ComboFix (had to change the name to "combo-fix.exe" for it to run; otherwise: not a valid win32).

I did a ComboFix. Then I was able to install and run Kaspersky:

detected: virus Email-Worm.Win32.Bagle.of File: C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\5254500.exe.vir
detected: Trojan program Trojan.Win32.Pakes.bwy File: C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\5262875.exe.vir
detected: virus Email-Worm.Win32.Bagle.of File: C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\down\650984.exe.vir

The system seems clean and stable now.
Should I do something?
Are there reg changes to be done?

Here are the ComboFix and HijackThis logs:

ComboFix 08-03-10.1 - eyaler 03/13/2008 16:03:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.1.1033.18.1492 [GMT 2:00]
Running from: C:\Documents and Settings\eyaler\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\down\5236125.exe
C:\WINDOWS\system32\drivers\down\5236843.exe
C:\WINDOWS\system32\drivers\down\5253656.exe
C:\WINDOWS\system32\drivers\down\5254500.exe
C:\WINDOWS\system32\drivers\down\5257531.exe
C:\WINDOWS\system32\drivers\down\5262875.exe
C:\WINDOWS\system32\drivers\down\5299921.exe
C:\WINDOWS\system32\drivers\down\5385406.exe
C:\WINDOWS\system32\drivers\down\5399703.exe
C:\WINDOWS\system32\drivers\down\643031.exe
C:\WINDOWS\system32\drivers\down\643984.exe
C:\WINDOWS\system32\drivers\down\649078.exe
C:\WINDOWS\system32\drivers\down\650984.exe
C:\WINDOWS\system32\drivers\down\654843.exe
C:\WINDOWS\system32\drivers\down\660328.exe
C:\WINDOWS\system32\drivers\down\663687.exe
C:\WINDOWS\system32\drivers\down\774078.exe
C:\WINDOWS\system32\drivers\down\780328.exe
C:\WINDOWS\system32\drivers\down\785000.exe
C:\WINDOWS\system32\drivers\down\789750.exe
C:\WINDOWS\system32\drivers\down\799328.exe
C:\WINDOWS\system32\drivers\down\811484.exe
C:\WINDOWS\system32\drivers\down\877203.exe
C:\WINDOWS\system32\drivers\down\879093.exe
C:\WINDOWS\system32\drivers\down\885343.exe
C:\WINDOWS\system32\drivers\down\927718.exe
C:\WINDOWS\system32\drivers\down\936562.exe
C:\WINDOWS\system32\drivers\hldrrr.exe
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\mdelk.exe
C:\WINDOWS\system32\wintems.exe
J:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_SROSA


((((((((((((((((((((((((( Files Created from 2008-02-13 to 2008-03-13 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-13 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-13 13:36 --------- d-----w C:\Program Files\eMule
2008-03-13 13:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-03-13 12:10 --------- d-----w C:\Program Files\Soulseek
2008-03-13 12:10 --------- d-----w C:\Documents and Settings\eyaler\Application Data\Symantec
2008-03-13 11:36 --------- d-----w C:\Documents and Settings\eyaler\Application Data\uTorrent
2008-03-13 00:01 --------- d-----w C:\Program Files\Symantec
2008-03-12 02:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 01:54 --------- d-----w C:\Documents and Settings\eyaler\Application Data\WinEdt
2008-03-12 00:54 --------- d-----w C:\Program Files\The Ur-Quan Masters
2008-03-12 00:43 --------- d-----w C:\Documents and Settings\eyaler\Application Data\foobar2000
2008-03-11 20:01 --------- d-----w C:\Program Files\MathWave
2008-03-11 18:56 --------- d-----w C:\Program Files\web-reg
2008-03-07 16:14 --------- d-----w C:\Program Files\MSDN
2008-03-07 05:34 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-03-07 05:34 --------- d-----w C:\Program Files\Business Objects
2008-03-07 05:30 --------- d-----w C:\Program Files\Microsoft Device Emulator
2008-03-07 05:29 --------- d-----w C:\Program Files\Windows Mobile 5.0 SDK R2
2008-03-07 05:26 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-03-07 05:26 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-07 05:23 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-07 03:44 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-03-07 03:30 --------- d-----w C:\Program Files\MSBuild
2008-03-07 03:24 --------- d-----w C:\Program Files\Microsoft SDKs
2008-03-06 01:48 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-02-29 14:02 --------- d-----w C:\Program Files\Phun
2008-02-29 11:20 --------- d-----w C:\Program Files\Windows Live
2008-02-29 11:20 --------- d-----w C:\Program Files\MSN Messenger
2008-02-29 11:18 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-29 11:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-20 17:50 --------- d-----w C:\Program Files\Lavasoft
2008-02-20 17:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-20 17:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 22:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 15:06 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-16 15:59 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-02-05 22:35 --------- d-----w C:\Program Files\Battlestar Galactica
2008-02-05 22:33 --------- d--h--r C:\Documents and Settings\eyaler\Application Data\SecuROM
2008-02-05 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 16:04 215,144 ----a-r C:\WINDOWS\pw32a.dll
2008-02-02 16:04 215,144 ----a-r C:\WINDOWS\patchw32.dll
2008-02-02 14:54 --------- d-----w C:\Program Files\Microsoft Web Designer Tools
2008-02-01 17:33 --------- d-----w C:\Program Files\Recaps
2008-01-30 00:22 --------- d-----w C:\Program Files\Soulseek-Test
2008-01-28 23:03 --------- d-----w C:\Documents and Settings\eyaler\Application Data\Ambient Design
2008-01-28 23:02 --------- d-----w C:\Program Files\Ambient Design
2008-01-28 11:13 287,488 ----a-w C:\WINDOWS\system32\drivers\RTL8187.sys
2008-01-23 20:56 --------- d-----w C:\Program Files\gs
2008-01-23 20:40 --------- d-----w C:\Program Files\Ghostgum
2008-01-23 15:58 --------- d-----w C:\Program Files\LizardTech
2008-01-19 17:31 15,664 ----a-w C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2007-09-26 20:06 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012007092620070927\index.dat
.

------- Sigcheck -------

09/20/2007 11:21 AM 823808 431defbb4a3d7b0dc062c1b064623a2f C:\WINDOWS\ie7updates\KB939653-IE7\wininet.dll
08/20/2007 12:02 PM 825344 357d54bf94fe9d6d8505a96b5c2a3bca C:\WINDOWS\ie7updates\KB942615-IE7\wininet.dll
10/30/2007 09:02 PM 666112 fcd4c436984c50f5d4f99c69f8206009 C:\WINDOWS\ServicePackFiles\i386\wininet.dll
10/11/2007 01:47 AM 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\system32\wininet.dll
10/11/2007 01:47 AM 825344 0e5d918f87efa7d2424d66b499c7eb04 C:\WINDOWS\system32\dllcache\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/30/2007 09:02 PM 15360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [09/04/2007 07:25 PM 81920]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [12/22/2007 09:20 AM 222080]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GSICONEXE"="GSICON.EXE" [01/31/2002 10:44 PM 90112 C:\WINDOWS\system32\gsicon.exe]
"DSLAGENTEXE"="dslagent.exe" [01/31/2002 10:39 PM 16384 C:\WINDOWS\system32\dslagent.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM 132496]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [10/08/2007 07:47 AM 864256]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM 56080 C:\WINDOWS\KHALMNPR.Exe]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [03/13/2008 04:07 PM 249896]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM 56080 C:\WINDOWS\KHALMNPR.Exe]
"Hebrew"="C:\Program Files\הפוך על הפוך\Hebrew.exe" [ ]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [12/05/2007 01:41 AM 8523776]
"nwiz"="nwiz.exe" [12/05/2007 01:41 AM 1626112 C:\WINDOWS\system32\nwiz.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [10/09/2007 04:02 AM 1036288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [12/05/2007 01:41 AM 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [10/30/2007 09:02 PM 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="regsvr32 /s /n /i:u shell32" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-09-29 00:03:45 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 12/23/2006 06:05 PM 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"LightScribeService"=2 (0x2)
"usnjsvc"=3 (0x3)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Maple 11\\jre\\bin\\maple.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Soulseek-Test\\slsk.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"C:\\WINDOWS\\system32\\ElectricSheep.scr"=
"C:\\WINDOWS\\system32\\dxdiag.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\CCP\\EVE\\bin\\ExeFile.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [02/10/2007 05:29 AM]
S1 srosa;Megadrv3;C:\WINDOWS\system32\drivers\srosa.sys []
S2 gafwload;GlobeSpan USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys [01/14/2002 08:19 PM]
S3 ALSysIO;ALSysIO;C:\DOCUME~1\eyaler\LOCALS~1\Temp\ALSysIO.sys []
S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [07/20/2007 06:40 PM]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [01/28/2008 01:13 PM]
S3 VSPerfDrv90;Performance Tools Driver 9.0;C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Performance Tools\VSPerfDrv90.sys [09/04/2007 04:53 PM]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
S4 msvsmon90;Visual Studio 2008 Remote Debugger;"c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon90 []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d4876676-bbd5-11dc-8392-009096300101}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-13 12:00:05 C:\WINDOWS\Tasks\options.job"
- C:\options\archive\options.exe <--------------- this is OK, please ignore it
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-13 16:12:15
Windows 5.1.2600 Service Pack 3, v.3244 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3244]
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Recaps\recaps.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 03/13/2008 16:31:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-13 14:31:22
.
2008-03-12 02:02:10 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:46, on 2008-03-13
Platform: Windows XP SP3, v.3244 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\GSICON.EXE
C:\WINDOWS\system32\dslagent.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\הפוך על הפוך\Hebrew.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Recaps\recaps.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://www.tau.ac.il/remote.pac
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Microsoft Web Test Recorder 9.0 Helper - {E31CE47F-C268-41ba-897B-B415E613947D} - c:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\Hebrew.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" boot "C:\Documents and Settings\eyaler\Local Settings\Application Data\NVIDIA Corporation\nTune\Profiles\oc.nsu"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: bezeq.lnk = ?
O4 - Startup: Recaps.lnk = C:\Program Files\Recaps\recaps.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C724F953-AD55-49D1-AB22-99054C425693}: NameServer = 192.117.235.235 62.219.186.7
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPSMONService - Unknown owner - C:\Program Files\UPSMON\UPSMON_Service.Exe (file missing)

--
End of file - 7260 bytes